Architect: Secure Pause Failing to Mask Digits During External PSTN Transfers

I’m performing a PCI-DSS compliance review for our latest IVR revision. We use the ‘Secure Pause’ action in Architect to mask credit card entry.

However, we’ve discovered a serious gap: if the customer is transferred to an external PSTN number (like a third-party payment processor) mid-transaction, the Secure Pause seems to disengage during the ‘Transfer’ segment. When we listen to the call recording, the DTMF tones for the digits entered after the transfer started are clearly audible and visible in the waveform.

Is there a way to force the Secure Pause to persist across a transfer to an external number, or do we need to implement a ‘Secure Flow’ for the entire external segment?

This is a nightmare for SOC2 compliance too. We had a similar issue where our SIP headers were leaking metadata during transfers. The problem is that once the call leaves the Genesys Cloud ‘Media’ environment and hits the external PSTN, the Secure Pause (which is a local media service function) loses its grip on the stream.

You definitely should move that entire segment into a ‘Secure Flow’. In a Secure Flow, the system uses a different media processing path that doesn’t even record the audio by default, which is much safer than relying on a ‘Pause’ button that might fail during a signaling change like a transfer.

I’ve handled dozens of callback and payment implementations. Ren here. If you can’t use a Secure Flow, look at ‘Line-Side’ masking on your BYOC Edge. You can configure the Edge to strip DTMF from the audio stream entirely for specific outbound routes. This way, even if the recording is active, the tones never make it into the file. It’s a more ‘Brute Force’ approach but it’s foolproof for PCI audits.

Coming from the Zendesk world, I’ve seen how easy it is to leak PII in notes. In Genesys, if you’re using the standard ‘Transfer’ block, the platform treats it as a ‘Handover’.

If you use the ‘Call Secure Flow’ action instead, you can collect the digits before the transfer, store them in a secure variable, and then pass them to the third party via a Data Action instead of making the customer type them again on the PSTN line. This is much better for the customer experience and eliminates the recording risk entirely!
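Added example, not posted by anyone in this thread and not Genesys code: whichever fix is chosen, an exported recording can be checked for DTMF that survived past the transfer point, as described in the original question. It assumes the audio is already decoded to 8 kHz mono float samples and that the transfer start time is known; all function names and the sample recording are constructed for illustration.

```python
import math
RATE, FRAME = 8000, 205          # 8 kHz telephony audio, ~25 ms analysis frames
ROWS, COLS = (697, 770, 852, 941), (1209, 1336, 1477, 1633)   # DTMF tone pairs (Hz)
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel(frame, freq):
    """Power of `frame` at a single frequency (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def frame_key(frame):
    """DTMF key in this frame, or None. Both a row and a column tone must be
    strong, so silence, speech-like audio or a single sine is not a hit."""
    norm = sum(x * x for x in frame) * len(frame) / 2   # clean key: ~0.5 per tone
    rows = [goertzel(frame, f) for f in ROWS]
    cols = [goertzel(frame, f) for f in COLS]
    r, c = rows.index(max(rows)), cols.index(max(cols))
    ok = norm > 1e-6 and min(rows[r], cols[c]) > 0.25 * norm
    return KEYS[r][c] if ok else None

def dtmf_events(samples):
    """[(seconds, key)] for each key held for two consecutive frames."""
    events, prev, active = [], None, None
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        key = frame_key(samples[i:i + FRAME])
        if key is None:
            active = None
        elif key == prev and key != active:
            events.append(((i - FRAME) / RATE, key))
            active = key
        prev = key
    return events

def leaked_after(samples, transfer_start_s):
    """Digits still present in the recording after the transfer began."""
    return "".join(k for t, k in dtmf_events(samples) if t >= transfer_start_s)

def tone(freqs, secs, amp=0.4):
    w = [2 * math.pi * f / RATE for f in freqs]
    return [amp * sum(math.sin(x * n) for x in w) for n in range(int(secs * RATE))]
def synth_key(key, secs=0.08):
    r = next(i for i, row in enumerate(KEYS) if key in row)
    return tone((ROWS[r], COLS[KEYS[r].index(key)]), secs)

# Constructed recording: "#", a 440 Hz speech stand-in, then digits after 1.2 s.
recording = synth_key("#") + tone((440,), 1.0) + tone((), 0.2)
for digit in "4011":
    recording += synth_key(digit) + tone((), 0.06)
```

A non-empty result from `leaked_after(recording, 1.2)` means keyed digits are recoverable from the stored audio, which is the condition the recording review in the question found.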